cbrknight Posted December 3, 2004 Posted December 3, 2004 My boss wants me to password protect the entire site against a separate database. Nobody will be able to view the site at all without logging in. The problem that I am running into is that the sessions I am creating are conflicting with the sessions in OSCommerce. Unfortunately, I am not that skilled with sessions and cant figure out how to encorporate my sessions with OSCommerce. Is there an easier method to do what I am trying to do? If not can someone give me some pointers to dealing with my session problems? Thanks "Every time I idiot proof something... The world comes out with a better idiot"
♥Vger Posted December 3, 2004 Posted December 3, 2004 If you are on a shared server and you are trying to access the database from another site on another server then you will need: 1. A dedicated IP address for the site sending the request to the site with the database 2. Specific permission from your hosting company to allow requests from that dedicated ip address through the firewall. Vger
gamerevolt Posted December 3, 2004 Posted December 3, 2004 I would say the easiest thing to do would protect it with a .htaccess and password... This is how I got my admin area protected but if you point it at you actual whole store directory it will make it passworded Here is an example: This is from Powweb Support osCommerce forum A complete walk through is at the bottom: Step 1 Create a directory/folder inside your FTP Space called ETC or any folder name you wish to call it (this will contain the .passwd file) Step 2 Create an .htaccess for your admin directory. (refer to the link above) or look at the code below. AuthUserFile /www/u/username/.htpasswd AuthGroupFile /dev/null AuthName "Your Desired Login Message Goes Here" AuthType Basic <Limit GET> require user "username" take off the " " </Limit> For AuthUserFile, login to your Ops and look under HTTP (Website), you will see this line: DocumentRoot: /www/u/username/htdocs If you created a directory/folder inside your htdocs, the path should point like this: /www/u/username/htdocs/etc/.htpasswd You should directly follow the steps. Step 3 Create the .htpasswd file. Use this link below to generate the needed info. http://help.powweb.com/cgi-bin/crypt.cgi Copy the information that was generated by the tool, paste it to a file named .htapsswd and directly upload it to the directory/folder you have created on Step 1. Note: for Windows users, it is impossible to create a file starting with a dot, you can simply create a file named htaccess.txt, upoload it later then rename it through your FTP tool like WS_FTP PRO. For Linux or any Unix based OS users, this is not an issue. Once you have accomplished this, upload the file .htaccess to any directory you want to protect. (Do not forget to rename both files to .htaccess and .htpasswd) If you wish to add users to the login, repeat Step 3 and simply add any generated password to your file, do not forget to put them one line after another. This is the complete step for the admin protection or any directory protection on your website. Another issue is to set default.php as one of your startup file. to do this, create a separate .htaccess file with this code: DirectoryIndex index.htm index.html index.php3 index.php default.html default.htm default.php index.cgi It will actually depend on what startup files you want to add or remove. Upload this on your htdocs directory/folder and you are all set. I also included sample files for you to just edit them according to your settings. Download the Sample Files Here http://www.jcdesignpro.com/samples.zip In case you need further assistance, you can directly email me at [email protected] I hope this helps Origianlly posted by: Paul V. Barrera
cbrknight Posted December 3, 2004 Author Posted December 3, 2004 I would say the easiest thing to do would protect it with a .htaccess and password... This is how I got my admin area protected but if you point it at you actual whole store directory it will make it passworded Here is an example: This is from Powweb Support osCommerce forum A complete walk through is at the bottom: Step 1 Create a directory/folder inside your FTP Space called ETC or any folder name you wish to call it (this will contain the .passwd file) Step 2 Create an .htaccess for your admin directory. (refer to the link above) or look at the code below. AuthUserFile /www/u/username/.htpasswd AuthGroupFile /dev/null AuthName "Your Desired Login Message Goes Here" AuthType Basic <Limit GET> require user "username" take off the " " </Limit> For AuthUserFile, login to your Ops and look under HTTP (Website), you will see this line: DocumentRoot: /www/u/username/htdocs If you created a directory/folder inside your htdocs, the path should point like this: /www/u/username/htdocs/etc/.htpasswd You should directly follow the steps. Step 3 Create the .htpasswd file. Use this link below to generate the needed info. http://help.powweb.com/cgi-bin/crypt.cgi Copy the information that was generated by the tool, paste it to a file named .htapsswd and directly upload it to the directory/folder you have created on Step 1. Note: for Windows users, it is impossible to create a file starting with a dot, you can simply create a file named htaccess.txt, upoload it later then rename it through your FTP tool like WS_FTP PRO. For Linux or any Unix based OS users, this is not an issue. Once you have accomplished this, upload the file .htaccess to any directory you want to protect. (Do not forget to rename both files to .htaccess and .htpasswd) If you wish to add users to the login, repeat Step 3 and simply add any generated password to your file, do not forget to put them one line after another. This is the complete step for the admin protection or any directory protection on your website. Another issue is to set default.php as one of your startup file. to do this, create a separate .htaccess file with this code: DirectoryIndex index.htm index.html index.php3 index.php default.html default.htm default.php index.cgi It will actually depend on what startup files you want to add or remove. Upload this on your htdocs directory/folder and you are all set. I also included sample files for you to just edit them according to your settings. Download the Sample Files Here http://www.jcdesignpro.com/samples.zip In case you need further assistance, you can directly email me at [email protected] I hope this helps Origianlly posted by: Paul V. Barrera <{POST_SNAPBACK}> I was actually contemplating htaccess myself. I use it for my admin area. My only problems with that are can I change the login box to something other than the default login box from windows my boss is going to give me a flat csv file of users and passwords. I am not going to be able to type them into that page you gave me individually. What do you suggest for that ? "Every time I idiot proof something... The world comes out with a better idiot"
gamerevolt Posted December 3, 2004 Posted December 3, 2004 If this list that your boss gives you is the only people that will need to login or if you will occasionaly add new ones this will not be to hard Just enter these people in by hand one time.... make sure to use that script in the above link to encrypt there passwords... Make sure you put this on the whole store directory and not just a page.... The only other option I could think of would be javascript (which are not the most secure) Your ht password for multiple usere would look like this: user1:ovG.K4pv0oXPA user2:de7sPRqBBkKeA user3:laL8VHDYPrnIE Note: Keep any additional user in this format I think this is the best and secure way... It might be a little time consuming but it is the most secure...
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.